added sanity checks for /setup/systemd route
parent
653c4aad54
commit
d8434a02cf
33
nginx.conf
33
nginx.conf
|
@ -121,9 +121,26 @@ http {
|
||||||
alias /ca/ca.crt;
|
alias /ca/ca.crt;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /setup {
|
location /setup/systemd {
|
||||||
add_header "Content-type" "text/plain" always;
|
add_header "Content-type" "text/plain" always;
|
||||||
return 200 '
|
return 200 '
|
||||||
|
set -e
|
||||||
|
|
||||||
|
if [ ! -d /etc/systemd ]; then
|
||||||
|
echo "Not a systemd system"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $EUID -ne 0 ]]; then
|
||||||
|
echo "Must be root to change system files"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ $(systemctl is-active --quiet docker.service) -ne 0 ]]; then
|
||||||
|
echo "Docker service missing"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p /etc/systemd/system/docker.service.d
|
mkdir -p /etc/systemd/system/docker.service.d
|
||||||
cat << EOD > /etc/systemd/system/docker.service.d/http-proxy.conf
|
cat << EOD > /etc/systemd/system/docker.service.d/http-proxy.conf
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -132,7 +149,12 @@ EOD
|
||||||
|
|
||||||
# Get the CA certificate from the proxy and make it a trusted root.
|
# Get the CA certificate from the proxy and make it a trusted root.
|
||||||
curl $scheme://$http_host/ca.crt > /usr/share/ca-certificates/docker_registry_proxy.crt
|
curl $scheme://$http_host/ca.crt > /usr/share/ca-certificates/docker_registry_proxy.crt
|
||||||
echo "docker_registry_proxy.crt" >> /etc/ca-certificates.conf
|
if fgrep -q "docker_registry_proxy.crt" /etc/ca-certificates.conf ; then
|
||||||
|
echo "certificate refreshed"
|
||||||
|
else
|
||||||
|
echo "docker_registry_proxy.crt" >> /etc/ca-certificates.conf
|
||||||
|
fi
|
||||||
|
|
||||||
update-ca-certificates --fresh
|
update-ca-certificates --fresh
|
||||||
|
|
||||||
# Reload systemd
|
# Reload systemd
|
||||||
|
@ -140,11 +162,10 @@ systemctl daemon-reload
|
||||||
|
|
||||||
# Restart dockerd
|
# Restart dockerd
|
||||||
systemctl restart docker.service
|
systemctl restart docker.service
|
||||||
|
echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/"
|
||||||
';
|
';
|
||||||
}
|
} # end location /setup/systemd
|
||||||
|
} # end server
|
||||||
# @TODO: add a dynamic root path that generates instructions for usage on docker clients
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# The caching layer
|
# The caching layer
|
||||||
|
|
Loading…
Reference in New Issue